The apps you use on your phone are safe, right? Well, maybe not. A recent study conducted by the Ponemon Institute and commissioned by IBM surveyed the app developer industry. Four hundred organizations participated, and nearly half of them were Fortune 500 companies. The results?
A full 40 percent of businesses that make apps don’t even scan their code for potential cybersecurity vulnerabilities. The average business fails to test more than half the apps released for public use.
Why would such a lucrative industry ignore its customer base? Ponemon found that 77 percent of businesses have released apps prematurely because they fear a competitor will beat them to it. Turnover in the app development field is quick and brutal. There’s greater value to a company in pushing an app toward release than there is in making sure that app is safe to release.
Applying security to the app once it’s released is almost unheard of, and app developers prefer to devote those resources to whatever their next project is. In fact, half of the companies surveyed devoted zero budget to the mobile security of their apps and 59 percent said they didn’t even have cybersecurity expertise within their company.
Only apps that encounter disaster typically see post-release security support, and even then, it can be cheaper to pull the app than to redesign it.
Unfortunately, there’s not much you can do about all these security loopholes as a customer. Being judicious in which apps you choose to use will help, but it’s almost impossible to use none whatsoever—end users will still be regularly exposed. Larger, better-known companies are not always more trustworthy, especially since apps are often designed by third parties rather than in-house.
Fortunately, most apps don’t require financial information, so most information that gets leaked has to do with the broadest identity information. There’s not a whole lot cybercriminals can do with that. However, some apps do use financial or other information that is more sensitive. Be more wary of these—again, not because the developers intend harm, but rather because the industry as a whole is not terribly protective of its users.
This also opens worries for employers. Employees who use the same phone for secure business apps and personal apps can risk some element of exposure. Even in this day and age, when one device can do everything, it can still be wise to separate devices between business and personal use.
What will all this lead to? Because of the inherent limitations and separation of mobile devices, they aren’t as at-risk as, say, computers or servers. A mobile device hides your information, whereas a server contains that of hundreds of thousands of users. The lack of mobile hacking in the news has more to do with cybercriminals targeting larger prey than it does with individual mobile devices or their apps being safe.
That means this is something to be aware of, not panic about. As mobile devices become more complex and capable, we may start to see more security programs for them. Just as complete anti-virus suites have become a must for anyone who owns a PC or Mac, they may also become a must for anyone who owns other devices.
Common sense prevails. If you go app-crazy, you’re more likely to expose your personal information in some way. If you’re judicious about it, you’re still vulnerable, but that vulnerability won’t be as exposed.